Vulnerabilities > Pyyaml > Pyyaml > 5.1.2

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2020-14343 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml oracle CWE-20
critical
 9.8
9.8
2020-03-24 CVE-2020-1747 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml fedoraproject opensuse oracle CWE-20
critical
 9.8
9.8
2020-02-19 CVE-2019-20477 Deserialization of Untrusted Data vulnerability in multiple products
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module.
network
low complexity
pyyaml fedoraproject CWE-502
critical
 9.8
9.8